CVE-2024-13723

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Feb 4, 2025

Updated: Feb 6, 2025

CWE ID 434

Summary

CVE-2024-13723 is a remote code execution vulnerability affecting the NagVis component in Checkmk. An attacker with administrative privileges can exploit this flaw by uploading a malicious PHP file and manipulating certain settings to trigger the execution of the file's code. Successful exploitation could lead to significant security risks, including unauthorized system access and data theft. Users are advised to update their Checkmk installations as soon as possible to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Nagvis

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/2wnH-k
https://www.cve.org/CVERecord?id=CVE-2024-13723
https://nvd.nist.gov/vuln/detail/CVE-2024-13723

Back to Vulnerability Database

CVE-2024-13723

CVSS 3.1 Score 7.2 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations